Vulnerability Details CVE-2001-1234
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
- http://www.iss.net/security_center/static/7215.php
- http://www.osvdb.org/1967
- http://www.securityfocus.com/bid/3397
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
- http://www.iss.net/security_center/static/7215.php
- http://www.osvdb.org/1967
- http://www.securityfocus.com/bid/3397
Products affected by CVE-2001-1234
-
cpe:2.3:a:gallery_project:gallery:1.1
-
cpe:2.3:a:gallery_project:gallery:1.2
-
cpe:2.3:a:gallery_project:gallery:1.2.1